1. Who we are
Frontia Operations, Inc. ("Frontia", "we") operates a SaaS platform that acts as a Tech Provider for Meta's WhatsApp Business Platform. Each business customer connects their own WhatsApp Business Account (WABA) through Meta Embedded Signup and authorizes us to operate messaging on their behalf.
This policy explains the data we process as a controller and as a processor on behalf of our customers.
2. Data we collect
When you connect WhatsApp Business we collect: your WhatsApp Business Account ID (WABA ID), the connected phone numbers and their phone_number_id, the names, languages, and approval status of your message templates, message metadata (identifiers, timestamps, and delivery status), and the Meta access tokens required to call the API.
We also collect business account data: name, email, user profile, and billing information. We do not store the content of your end customers’ messages beyond what is needed to provide the service.
3. How we use data
We use this data solely to: connect and register your number via Embedded Signup, read your templates and phone numbers, send templates you approve, display delivery status, and operate the features you subscribed to. We do not use WhatsApp data for advertising and we do not sell it to third parties.
4. Meta and WhatsApp Platform
Frontia uses Meta’s Graph API and WhatsApp Cloud API. Processing of WhatsApp data is also governed by the Meta Platform Terms, the WhatsApp Business Terms, and the Meta Data Policy. We access only the whatsapp_business_management and whatsapp_business_messaging permissions you authorize during Embedded Signup.
5. Legal basis and retention
We process data on the basis of contract performance and the consent you grant when connecting your account. We retain data while your account is active. When you disconnect your account or request deletion, we erase your data as described in our User Data Deletion page.
6. Who we share data with
We do not sell your data. We share it only with subprocessors that make the service possible: Meta Platforms (message delivery), Supabase (database and authentication), and Vercel (hosting). Each processes data under its own data protection agreements.
7. Your rights
You may request access, rectification, portability, or deletion of your data at any time. To delete your data, see the User Data Deletion page or email privacy@frontia.app. If you reside in the EEA or UK, you may lodge a complaint with your supervisory authority.
8. Security
We encrypt data in transit and at rest, restrict access to Meta access tokens, and log administrative access. No system is fully secure; we will notify you of any incident affecting you as required by applicable law.
9. Contact
Data controller: Frontia Operations, Inc. Privacy: privacy@frontia.app Data Protection Officer: dpo@frontia.app